From: Joshua Aberback <[email protected]> [Why & How] Overwriting the refcount on stream restore can lead to double-free errors or memory leaks if an unbalanced number of retains and releases occurs between a backup and restore.
Reviewed-by: Dillon Varone <[email protected]> Signed-off-by: Joshua Aberback <[email protected]> Signed-off-by: Ray Wu <[email protected]> --- drivers/gpu/drm/amd/display/dc/core/dc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/gpu/drm/amd/display/dc/core/dc.c b/drivers/gpu/drm/amd/display/dc/core/dc.c index b720e007c654..f519e5893a68 100644 --- a/drivers/gpu/drm/amd/display/dc/core/dc.c +++ b/drivers/gpu/drm/amd/display/dc/core/dc.c @@ -3389,7 +3389,11 @@ static void restore_planes_and_stream_state( for (i = 0; i < status->plane_count; i++) { dc_plane_copy_config(status->plane_states[i], &scratch->plane_states[i]); } + + // refcount is persistent + struct kref temp_refcount = stream->refcount; *stream = scratch->stream_state; + stream->refcount = temp_refcount; } /** -- 2.43.0
